CVE-2007-3302

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568	Patch
http://secunia.com/advisories/26134	Patch Vendor Advisory
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
http://www.securityfocus.com/archive/1/474599/100/0/threaded
http://www.securityfocus.com/bid/25050	Patch
http://www.securitytracker.com/id?1018447
http://www.vupen.com/english/advisories/2007/2640
https://exchange.xforce.ibmcloud.com/vulnerabilities/35565
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568	Patch
http://secunia.com/advisories/26134	Patch Vendor Advisory
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
http://www.securityfocus.com/archive/1/474599/100/0/threaded
http://www.securityfocus.com/bid/25050	Patch
http://www.securitytracker.com/id?1018447
http://www.vupen.com/english/advisories/2007/2640
https://exchange.xforce.ibmcloud.com/vulnerabilities/35565

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:::::::*
	cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1::::::
	cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:::::::*

History

No history.

Information

Published : 2007-07-26 00:30

Updated : 2025-04-09 00:30

NVD link : CVE-2007-3302

Mitre link : CVE-2007-3302

CVE.ORG link : CVE-2007-3302

JSON object : View

Products Affected

ca

etrust_intrusion_detection

broadcom

etrust_intrusion_detection

CWE

NVD-CWE-Other

{"id": "CVE-2007-3302", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-26T00:30:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26134", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/474599/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25050", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018447", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2640", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35565", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26134", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/474599/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25050", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018447", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2640", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35565", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified \"scriptable functions.\""}, {"lang": "es", "value": "El control de ActiveX CallCode en el caller.dll 3.0 anterior al 20070713 y el 3.0 SP1 anterior al 3.0.5.81, en el CA (antiguamente conocido como Computer Associates) eTrust Intrusion Detection permite a atacantes remotos la carga de DLLs de su elecci\u00f3n en un sistema cliente, y ejecutar c\u00f3digo desde esas DLLs mediante \"funciones incluida en secuencias de comandos\" sin especificar."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21"}, {"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059"}, {"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E14ADA77-3F59-465F-BC48-765AB6F5C8DE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}